• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 17th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » New macOS malware aims at infecting devices with malicious macros

New macOS malware aims at infecting devices with malicious macros

April 6th, 2018 Waqas Malware, Security 0 comments
New macOS malware aims at infecting devices with malicious macros
Share on FacebookShare on Twitter

The general perception about Apple devices is that they are protected from malware attacks by default which is not true at all especially after a sudden surge in attacks aiming at iPhones and macOS.

To prove that the IT security researchers at Trend Micro have discovered a new malware which they believe is associated with OceanLotus also known as SeaLotus, Cobalt Kitty, APT 32, and APT-C-00. The infamous OceanLotus group is well known for targeting maritime construction firms, research institutes, media and human rights organizations.

Detected as OSX_OCEANLOTUS.D by Trend Micro researchers, the malware aims at Mac devices that have Perl programming language installed on the system and is being delivered through phishing emails attached with a Microsoft Word document.

More: New macOS malware hijacks DNS settings and takes screenshots

After analyzing the document, researchers noted that its content invites users to register themselves for an event organized by HDMC, a Vietnamese organization that advertises national independence and democracy.

The document contains malicious macros. The email recommends victims to enable macros to read the email and once that’s done the obfuscated macros extract a .XML file from the Word document which is actually an executable file and works as the dropper of the backdoor, which is the final payload.

Moreover, all strings within the dropper including the backdoor are encrypted using a hardcoded RSA256 key. The dropper checks whether it is running as a root or not and based on that it selects where it needs to be installed.

“When the dropper installs the backdoor, it sets its attributes to “hidden” and sets file date and time to random values,” researchers noted. “The dropper will delete itself at the end of the process.”

The backdoor depends on two functions including runHandle and infoClient. The runHandle function is responsible for the backdoor capabilities whereas infoClient collects platform information and sends it to the command and control (C&C) server.

“Malicious attacks targeting Mac devices are not as common as its counterparts, but the discovery of this new macOS backdoor that is presumably distributed via phishing email calls for every user to adopt best practices for phishing attacks regardless of operating system,” concluded Trend Micro.

Although it is unclear how many victims this new malware has found or if it has spread outside Vietnam; macOS users should remain vigilant and refrain from clicking links or downloading files from unknown emails. Furthermore, use an anti-malware software, scan your device daily and keep its operating system updated.

More: CrossRAT keylogging malware targets Linux, macOS & Windows PCs

  • Tags
  • backdoor
  • Cyber Attack
  • Cyber Crime
  • hacking
  • internet
  • Mac
  • Malware
  • Microsoft
  • security
  • Vietnam
  • Windows
Facebook Twitter Google+ LinkedIn Pinterest
Previous article You are not alone; The Pirate Bay is down once again
Next article Hackers compromise AOL advertising platform to mine cryptocurrency
Waqas

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.

Related Posts
What is Ransomware and How to Prevent It?

What is Ransomware and How to Prevent It?

Hacked versions of popular iOS games available on App Store

Hacked versions of popular iOS games available on App Store

Email service provider loses 2 decades worth of data due to hack attack

Email service provider loses 2 decades worth of data due to hack attack

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Chinese facial recognition database tracking Muslims left exposed
Surveillance

Chinese facial recognition database tracking Muslims left exposed

Feb 16th, 2019 428
Website uses Artificial Intelligence to create utterly realistic human faces
Privacy

Website uses Artificial Intelligence to create utterly realistic human faces

Feb 16th, 2019 284
What is Ransomware and How to Prevent It?
Security

What is Ransomware and How to Prevent It?

Feb 15th, 2019 341
Dark Web hacker selling 126M accounts stolen from new data breaches
Hacking News

Dark Web hacker selling 126M accounts stolen from new data breaches

Feb 15th, 2019 789

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.

Follow us